I've been poking around in the Altis Life files, and from what I can tell, they don't have any methods of sanitizing the SQL queries, so I began to poke around a bit more, and came up with:

Code:

Th3Dr0ppeR'); DROP TABLE players;--

(note that that exact code won't work, sorry copypastas :P) which, if you set as your name, will drop the players table from the database. You can do a lot if you know what you're doing. If you come up with a query too long to be set as your name, manually create a new profile (Documents\Arma 3 - Other Profiles\). The names in Arma use URLEncoding (+rep drwhat for that info), you can use an online encoder such as this one: http://meyerweb.com/eric/tools/dencoder/ . The information below is information on the table structure for most Altis Life servers (customized ones are, obviously, custom to that server).

Schema name: Most likely randomized, you can get it if you look in DATABASES.txt on the root directory of the server (along with a few other goodies) hopefully you can use loadFile and figure out what to do from there. The default schema name (if they're using a VPS, etc):

Code:

arma3life

Tables:

Code:

players

and

Code:

vehicles

(I'm hoping you can infer what goes in each of these databases).

Players:

Vehicles:

Stored Functions:
There are two on default servers that I have found, deleteDeadVehicles and resetLifeVehicles.

PS: if you read the code you can do a lot more than just drop the tables.

Thanks for the info. Plusrep

Also, it's URL encoding, so use an online encoder to encode your malicious name.

Edit lol; if you are new to a server don't try this, you will get errors (Unable to setup user session retries 3) :3

SQL injection isn't the only thing you can do ;D

I noticed the unable to setup user error... dunno what causes that, but like you said, if you join a server first and then change it, it works fine. Funny that they didn't think of filtering names at all, though. :P

Most of the databases aren't too secure anyways, if you get the Databases.txt (IIRC that file is in the root server dir, along with arma3server.exe, etc == reason why you need that is because most servers hosted by a hosting company use different ports, and names) through loadFile you can royally fuck the server.


I think this method will not work for Altis Life Server > 3.1.2, because there is a method for sanitizing the player name when it is inserted into the DB.

If you connect to a server, the player info (money, licenses, etc.) gets queried via the user ID (UID).

fn_Update.sqf:

Code:

_name = [_name] call DB_fnc_mresString;
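The server-side fix described in the post above (key every lookup on the UID and stop the name from reaching the database as SQL), as an added example that is not part of the original thread or of the Altis Life code. It uses bound parameters instead of an escaping function such as DB_fnc_mresString, adds a strict integer check for numeric fields, and runs against an in-memory SQLite table as a stand-in for the server's database; the column names, the 17-digit UID format and the 9-digit cash limit are assumptions.

```python
import re
import sqlite3

UID_RE = re.compile(r"\d{17}")      # assumed UID format: 17-digit SteamID64
CASH_RE = re.compile(r"\d{1,9}")    # assumed limit: plain digits, at most 9


def open_db():
    """In-memory stand-in for the players table (column names are assumptions)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE players (playerid TEXT PRIMARY KEY, name TEXT, cash INTEGER)"
    )
    return db


def validate_cash(value):
    """Accept only a plain non-negative integer; anything else is rejected."""
    text = str(value)
    if not CASH_RE.fullmatch(text):
        raise ValueError("cash is not a plain integer")
    return int(text)


def upsert_player(db, uid, name, cash):
    """Write a player row keyed by UID, passing every value as a bound parameter."""
    if not UID_RE.fullmatch(uid):
        raise ValueError("uid is not a 17-digit id")
    amount = validate_cash(cash)
    # The placeholders keep name and cash as data: the database never parses
    # them as SQL, whatever characters the client sent.
    db.execute(
        "INSERT OR REPLACE INTO players (playerid, name, cash) VALUES (?, ?, ?)",
        (uid, name, amount),
    )
    db.commit()


def stored_name(db, uid):
    """Read the name back by UID, again with a bound parameter."""
    row = db.execute(
        "SELECT name FROM players WHERE playerid = ?", (uid,)
    ).fetchone()
    return row[0] if row else None
```

With this in place the name from the first post is stored as an ordinary string, and a cash value that is not a plain integer is rejected before any query is built.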

Yes, they now check by UID, not player name, but there are other ways to SQL inject. Money update, for instance: do a union injection in the money variable, force an update to the server. All should be good. Make yourself admin, donator, give people money, take away people's money, add vehicles to people's garages and remove them, add cops, remove cops. So much you can do.


How to do so? Inject the SQL command via a tool like CheatEngine into the money variable?


Because the ATM is not vulnerable I guess haha.

No, because with CheatEngine you are limited by the amount of bytes the engine assigns. You will need to create a script to change the variable value to the payload, then inject that and execute it. If your money looks like the query you set it to, press force sync.


Ok, so basically I need to hook a game function to call ExecVM and point to my script, because the standard "Script Executer" tools are mostly detected by server-based scripts?